App.No. 10/734,846 Docket JP920030198US1 

Filing Date: 12/12/2003 

REMARKS 

Posture of the Case and Claim Rejections 

Claims 1-35 were originally filed. In a first Office action (the "first Office action") of 
February 22, 2007, Examiner rejected claims 18-35 under 35 USC 101 on grounds that the 
invention claimed therein was directed to non-statutory subject matter. In Reply A, filed May 22, 
2007, Applicant amended the claims to overcome the rejection. The first Office action rejected 
claims 1-5, 10-12, 15, 18-22, 26-31 and 35 under 35 USC 102(a) as being anticipated by U.S. 
Patent 5,592,553 (Guski) and claims 6-9, 13, 14, 16, 17, 23-26, 32-35 under 35 USC 103(a) as 
being unpatentable over Guski in view of well-known practices in the art. In reply A, Applicant 
amended claims to overcome the rejections, pointing out the novel and nonobvious differences of 
the present invention. 

In a second, final Office action of July 17, 2007, (the "final Office action") Examiner 
stated that Applicant's arguments with respect to 35 USC 101 were persuasive, and the rejection 
was dropped. However, Examiner found Applicant's arguments with respect to the 102(a) and 
103(a) rejections of claims 1 and 2 unpersuasive. In the final Office action, Examiner rejected 
claims 1-3, 18-20, and 27-29 under 35 USC 112, second paragraph. Examiner also maintained 
the 102(a) and 103(a) rejections based on the same prior art. Specifically, Examiner rejected 
claims 1-5, 10, 18-22, 26-31 and 35 under 35 USC 102(a) as being anticipated by Guski, and 
claims 6-9, 23-26, and 32-35 under 35 USC 103(a) as being unpatentable over Guski in view of 
well-known practices in the art. 

Amendments to Independent Claims Submitted Herein to Overcome Rejections 

Under 35 USC 112, second paragraph 

Applicant has amended claims 1, 2, 18, 19, 27, and 28 to delete an extraneous "and." 

Examiner noted in the final Office action that Guski teaches "receiving said first 
application name again by the password generator at a second time and generating a second 
instance of the first password for said first application by the password generator, wherein the 
generating of the second instance of the first password is based on at least said first application 
name received at the second time and based on said single key, and the generated first password 
is identical in its first and second instance if no time interval has been user specified for the first 
and second instances or if a time interval has been user specified but not elapsed between the 
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first and second times." Applicant acknowledges Examiner's point about use of "or" in final 
limitation of independent claims, and herein amends the "or" in claims 1,2, 18, 19, 27, and 28 to 
read "and." Applicant submits that this amendment overcomes the rejection under 35 USC 1 12 
regarding the issue of whether the claim is limited by a time interval. 

Regarding the rejection under 35 USC 1 12 about insufficient antecedent basis for "time 
interval," presumably the rejection refers to the following language, since this is where the term 
"time interval" occurs: 

the generated first password is identical in its first and second instances if no time 
interval has been user specified for the first and second instances or if a time 
interval has been user specified but has not elapsed between the first and second 
times. 

No antecedent reference in the claims to a "time interval" is suggested by the language 
"no time interval has been user specified" nor by the language "a time interval has been user 
specified but has not elapsed between the first and second times." Therefore, no antecedent basis 
whatsoever, i.e., no antecedent statement in the claims about a "time interval," is required. 
Nevertheless, in order to fully cooperate with the Examiner, Applicant herein amends claims 1, 
2, 18, 19, 27, and 28 to put the reference to "a time interval has been user specified. . . times" 
ahead of claim language "no time interval has been user specified . . . instances." 

Applicant acknowledges that Applicant's explanation in Reply A about first and second 
embodiments was arguably confusing. Note that on page 7, line 1 8 - page 8, line 29, of the 
original specification, in connection with description of FIG. 3, the application clearly describes a 
single embodiment in which the user may either specify and time interval for a password or else 
not specify the time interval, and wherein the password generator responds accordingly in both 
circumstances. See especially page 8, lines 17-18, lines 21-22, and lines 29-30. Applicant 
submits that this amendment overcomes the rejection under 35 USC 112 regarding antecedent 
basis for time interval. 

Remarks Concerning Rejections Under 35 USC 102 

Regarding the 102(a) rejections, the rejection argues Guski teaches at col. 6, line 61 - col. 
7, line 3, that a password is valid for a predetermined time interval, and that this anticipates either 
a password generator producing the same password "if no time interval has been user specified" 
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or else "if a time interval has been user specified but has not elapsed" between instances. 
Applicant respectfully disagrees. 

What the cited passage states is the following: 

Password generator 300 is invoked when a user wishes to access a host application. When 
invoked, the password generator generates a one-time password 3 10 as a function of the user ID 
302, application ID 304, signon key 306 and time/date 308. Password 310 is transmitted to the 
authenticating node 104, together with the user ID 302 and application ID 304, as part of a signon 
request 320. 

Applicant respectfully submits that this actually teaches the opposite of that for which it 
is cited. That is, the passage teaches generating a "one-time password." Generating a "one-time 
password" is directly contrary to generating the same password at two different times, i.e., in first 
and second instances, where the first instance is at a first time and the second instance is at a 
second time, as claimed. If Guski wanted to convey generating the same password at two 
different times, then using the type of terminology Guski did use, Guski might have said a 
"two-time password" or a "multiple-time password." But this is not what Guski said. 

Indeed, elsewhere Guski teaches about a time interval that is also directly contrary to 
what is claimed in the present case. That is, Guski states the following: 

If the received password 310 does correspond to a legal password, then the password evaluator 
312 determines whether the received password is identical to any valid password received over a 
predefined time interval (step 708); the interval is 10 minutes in the disclosed embodiment, but 
may be more or less if desired. If the received password is identical to a password received within 
the defined time interval, the just-received password is rejected as a "replay" of the previously 
received password (step 706). Since the valid password for a given used ID and application ID 
changes every second in the disclosed embodiment, the only realistic manner in which an identical 
password could be generated is by interception of a previously transmitted password (e.g., ai 
traverses the communications channel 106) and "replay" of that password by injecting it back into 
the system. 

Col. 9, line 55 - col. 10, line 3. 

In this passage, Guski teaches that if two instances of the same password are received 
during a predetermined time interval, the password is rejected, since Guski's password generator 
should not generate two identical passwords. Note that limiting the testing of passwords for 
sameness to an interval such as 10 minutes is presumably merely due to the memory required to 
save received passwords for comparison, not because Guski teaches generating identical 
passwords after the 10 minute interval. Indeed, given that Guski teaches generating passwords as 
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a function of time/date 308, as previously discussed herein above, Gush's password generator 
should not generate two identical passwords regardless of the interval. 

So, Guski does not teach generating the same password in first and second instances 
either if no time interval has been user specified or if a user specified time interval has elapsed 
between instances. All the more certainly, Guski does not teach generating the same password in 
two instances both if no time interval has been user specified and if a user specified time interval 
has elapsed between instances, as now claimed. 



For the reasons explained herein above, Applicant contends that the claims as amended 
herein are patentably distinct, and hereby requests that Examiner grant allowance and prompt 
passage of the application to issuance. 



Anthony V. S. England 
Attorney for Applicants 
Registration No. 35,129 
PO Box 5307 
Austin, Texas 78763 
512-477-7165 
a@aengland.com 
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